Top spook: ISP black boxes NOT key to UK's web-snoop plan

Government-funded black boxes that monitor the UK's internet traffic are not "the cornerstone" of the Home Office's web super-snoop plan, a top spook has told MPs and peers.

Ex-MI6 man Charles Farr, who heads up the Office for Security and Counter-Terrorism, dismissed claims that Deep Packet Inspection (DPI) probes are the "central plank" of the government's Communications Data Bill currently being scrutinised by Parliament.

Instead, he insisted that cooperation with communications service providers (CSPs) such as Google and Facebook was key to the proposed surveillance legislation.

Police, spooks and the taxman - among other authorities - would need to use packet-capturing black boxes when CSPs declined to provide access to communications data where it is suspected that criminal activity has taken place, said Farr.

"We could in theory accept that there is a communication service used by criminals where we cannot access any data. But that is not the view of this government," he said, speaking at a committee meeting of the politicos on Tuesday afternoon.

If CSPs refuse to provide those authorities with access to such data, a black box would be placed on a network where such information could be hoovered up.

Farr [pictured centre]: 'I dunno. A black box is about this big, I guess'

Farr added that in those instances the security services would work with ISPs to develop the technology and the telco would store the data.

Interestingly, the government's Director of Communications Capability Directorate Richard Alcock appeared to indicate that the likes of Google, Twitter and Facebook would be expected to retain unencrypted data on their systems.

All of those CSPs - whose cooperation Farr had earlier described as a "patchwork quilt" - are not only headquartered overseas but have also each implemented the Secure Sockets Layer (SSL) protocol on their services.

Up until yesterday, it was unclear how spooks could intercept traffic when such websites transmit individual user sessions over encrypted SSL channels.

"Through the bill we'll only be able to access communications data. CSPs will hold unencrypted data on their systems, we'll need to work with them," Alcock said.

"It's very easy to separate content from communications data," he added before offering reassurance to the committee of politicos by saying "we won't be applying systems that cannot reliably do that".

Peter Hill - the Head of Unit for Pursue Policy and Strategy Unit at the Home Office - stressed at the meeting that many CSPs were only too happy to cooperate. The reason for the new legislation, he added, was that "the data that we need is not available rather than that it's not being shared with us".

Farr described the discussions his office has had with CSPs as "constructive". He said: "Those providers understand there is an issue, they want to help to address it but they want a legal process to support it."

On the issue of DPI, Alcock said black boxes were already "used as a matter of course" by ISPs.

"It's possible to use that existing kit to establish the who, where and when," he said before repeating that "if we cannot reliably extract comms data by that route then we won't do it".

Farr had earlier defended Home Secretary Theresa May's draft communications bill - dubbed a snoopers' charter - by saying that clarity was needed about what data providers should retain. He said a "technical problem" existed with the current Data Retention Directive (DRD) and the Regulation of Investigatory Powers Act (RIPA).

"The lack of data is then compounded by a legal problem because the DRD is not clear about what information should be retained," he said.

'Necessary and proportionate' mantra bandied around

Farr told the committee that anything between 500 and 1,000 communication data requests could be submitted for an average murder investigation in the UK. He further explained that criminals would use multiple comms devices and, for example, regularly ditch mobile phones to avoid being sniffed out by police or spooks.

When asked if function-creep would seep into the legislation if successfully passed by Parliament in its current form, Farr said:

The application process is a thorough and very serious bit of work. An applying officer has to seek authority in written form... it has to consider collateral intrusion and needs to be signed off by a senior member of the police force.

Farr said that currently, there was a roughly 25 per cent shortfall on information that spooks and police couldn't get their hands on. He was asked what proportion of that data involved concealment.

"Not very much," the security man responded. "If you have the right kind of data, issues of anonymisation cease to be a problem.

"If people take greater efforts at anonymisation, it could become a problem... but I'm satisfied by the techniques being developed. Many workarounds can be defeated... we are not proposing this law on the grounds that it will provide 100 per cent coverage of the communications data in this country."

Farr admitted "there will still be workarounds" but claimed by 2018 that that gap could be tightened with a new law.

The joint committee of MPs and peers expressed concerns about what parliamentary oversight would be put in place for the proposed legislation.

"I would emphasise that the definition of comms data is set out in existing legislation and there's no change here," Farr said, with subscriber, service and traffic data providing the "essential context" in which such information would be sought.

Lib Dem MP Julian Huppert asked exactly how the estimated £1.8bn price tag for the scheme over the next 10 years had been calculated. "Assumes lots of DPI?" he quizzed.

"It assumes doing some of it," Farr agreed.

Alcock then added that the majority of the costs were related to data retention – with over 50 per cent of that cash being set aside for storage.